Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RY5I4kTKw2hEBxEdCf_zdX9f3NM.roa
File:                     RY5I4kTKw2hEBxEdCf_zdX9f3NM.roa (raw, json)
Hash identifier:          o9IAigQMeMescOEsxEN6Cb/hWyCP/y8oJ6oR0xEdNyY=
Subject key identifier:   45:8E:48:E2:44:CA:C3:68:44:07:11:1D:09:FF:F3:75:7F:5F:DC:D3
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019C130DB65A54797FE10F8BE614A4326C97
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RY5I4kTKw2hEBxEdCf_zdX9f3NM.roa
Signing time:             Sat 31 Jan 2026 07:56:31 +0000
ROA not before:           Sat 31 Jan 2026 07:56:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211577
IP address blocks:        31.58.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:13:0d:b6:5a:54:79:7f:e1:0f:8b:e6:14:a4:32:6c:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 31 07:56:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=458e48e244cac3684407111d09fff3757f5fdcd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:44:6c:1b:e9:c6:bf:50:80:77:08:f6:82:85:
                    2d:a0:c7:2e:f0:eb:b8:55:29:d9:e9:ea:7f:13:a5:
                    e4:ad:3c:c7:7e:0f:52:93:14:75:70:63:53:7b:fb:
                    86:0e:04:9a:0f:1f:b5:96:c6:1d:42:6a:ed:00:8a:
                    3d:63:e0:b6:19:54:e0:c7:0d:4c:ad:13:1e:51:14:
                    6f:d2:b3:9a:13:1f:06:3c:21:c1:9a:84:76:1f:79:
                    f4:c9:97:e5:8b:3e:0a:f8:b5:d8:33:d5:76:d7:5c:
                    15:d3:f0:ec:59:b0:8d:09:2a:5c:73:f6:e5:25:b5:
                    8a:59:01:d6:d0:c9:9d:0f:60:79:33:1c:88:c7:86:
                    8b:91:65:68:79:f8:cc:56:34:25:b7:47:95:55:78:
                    36:1b:45:e4:09:db:84:f9:41:99:eb:ae:55:3d:e1:
                    1b:e8:74:79:c3:1b:8c:17:eb:e5:c2:4b:07:2a:87:
                    53:65:33:42:83:4e:a7:49:79:56:42:a0:c5:3b:1b:
                    e8:25:40:ea:36:c6:1d:4c:57:af:39:0b:47:1b:62:
                    c0:d1:3b:3e:2a:b0:ef:63:94:41:ab:61:34:e2:35:
                    df:f2:65:f1:21:4b:00:f7:c8:cc:92:cb:0b:f0:4f:
                    ff:72:2e:7d:5b:7c:75:5b:0b:f2:c7:4c:6c:59:79:
                    1d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:8E:48:E2:44:CA:C3:68:44:07:11:1D:09:FF:F3:75:7F:5F:DC:D3
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RY5I4kTKw2hEBxEdCf_zdX9f3NM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:fa:c8:35:2c:ed:f6:ae:09:6b:83:33:d2:aa:40:5c:32:b0:
         d5:24:cd:f1:68:f1:92:27:9a:27:b9:47:62:00:8c:7d:b6:2f:
         9f:6c:66:e3:f1:dc:36:e2:98:6b:2f:b3:dc:3a:11:1b:ed:3b:
         c2:8b:36:c2:fd:ca:e3:9e:11:1c:fe:e2:64:e8:b7:ad:cb:52:
         fe:bf:b2:a9:13:2b:55:01:50:dd:ec:b1:6a:15:e9:29:25:81:
         5f:94:f8:5a:5a:3d:b7:d0:a8:98:0a:77:5b:a6:91:a9:0e:12:
         e4:36:bd:97:55:53:1a:25:7e:8b:54:cb:74:d7:ea:25:0a:64:
         bc:b9:c1:9e:1c:97:d3:6e:0f:d7:09:e5:a0:81:9a:a3:75:7e:
         2b:2f:c3:48:c1:16:4b:2c:93:7d:dc:17:3d:2f:f2:61:21:00:
         3c:ae:af:18:8c:e4:09:ad:c9:b9:4e:00:37:85:05:39:73:89:
         87:93:85:15:fc:10:e4:a4:a5:7a:00:2d:23:bb:73:32:6e:53:
         7a:76:c5:c6:29:ab:f9:75:ee:bf:14:ae:a3:98:f7:75:cd:8b:
         93:16:62:c4:f1:4f:04:1c:67:5c:26:90:cd:99:b9:ab:80:88:
         1d:bc:63:de:4a:01:25:6f:46:3a:22:30:86:24:49:b2:15:2e:
         4d:d8:52:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwTDbZaVHl/4Q+L5hSkMmyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTMxMDc1NjMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NThlNDhlMjQ0Y2FjMzY4NDQwNzExMWQwOWZmZjM3NTdmNWZkY2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtURsG+nGv1CAdwj2goUtoMcu8Ou4
VSnZ6ep/E6XkrTzHfg9SkxR1cGNTe/uGDgSaDx+1lsYdQmrtAIo9Y+C2GVTgxw1M
rRMeURRv0rOaEx8GPCHBmoR2H3n0yZfliz4K+LXYM9V211wV0/DsWbCNCSpcc/bl
JbWKWQHW0MmdD2B5MxyIx4aLkWVoefjMVjQlt0eVVXg2G0XkCduE+UGZ665VPeEb
6HR5wxuMF+vlwksHKodTZTNCg06nSXlWQqDFOxvoJUDqNsYdTFevOQtHG2LA0Ts+
KrDvY5RBq2E04jXf8mXxIUsA98jMkssL8E//ci59W3x1Wwvyx0xsWXkdkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWOSOJEysNoRAcRHQn/83V/X9zTMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUlk1STRrVEt3MmhFQnhFZENmX3pkWDlmM05NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzopMA0G
CSqGSIb3DQEBCwUAA4IBAQCY+sg1LO32rglrgzPSqkBcMrDVJM3xaPGSJ5onuUdi
AIx9ti+fbGbj8dw24phrL7PcOhEb7TvCizbC/crjnhEc/uJk6Lety1L+v7KpEytV
AVDd7LFqFekpJYFflPhaWj230KiYCndbppGpDhLkNr2XVVMaJX6LVMt01+olCmS8
ucGeHJfTbg/XCeWggZqjdX4rL8NIwRZLLJN93Bc9L/JhIQA8rq8YjOQJrcm5TgA3
hQU5c4mHk4UV/BDkpKV6AC0ju3MyblN6dsXGKav5de6/FK6jmPd1zYuTFmLE8U8E
HGdcJpDNmbmrgIgdvGPeSgElb0Y6IjCGJEmyFS5N2FIp
-----END CERTIFICATE-----